SUSE 5110 Published by

The following updates has been released for openSUSE:

openSUSE-SU-2019:2385-1: moderate: Security update for openconnect
openSUSE-SU-2019:2388-1: moderate: Security update for openconnect
openSUSE-SU-2019:2389-1: moderate: Security update for python
openSUSE-SU-2019:2392-1: important: Security update for the Linux Kernel
openSUSE-SU-2019:2393-1: moderate: Security update for python



openSUSE-SU-2019:2385-1: moderate: Security update for openconnect

openSUSE Security Update: Security update for openconnect
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:2385-1
Rating: moderate
References: #1151178
Cross-References: CVE-2019-16239
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for openconnect fixes the following issues:

- CVE-2019-16239: Fixed a buffer overflow when a malicious server uses
HTTP chunked encoding with crafted chunk sizes. (bsc#1151178)

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-2385=1



Package List:

- openSUSE Leap 15.1 (noarch):

openconnect-lang-7.08-lp151.6.3.1

- openSUSE Leap 15.1 (x86_64):

openconnect-7.08-lp151.6.3.1
openconnect-debuginfo-7.08-lp151.6.3.1
openconnect-debugsource-7.08-lp151.6.3.1
openconnect-devel-7.08-lp151.6.3.1
openconnect-doc-7.08-lp151.6.3.1


References:

https://www.suse.com/security/cve/CVE-2019-16239.html
https://bugzilla.suse.com/1151178

openSUSE-SU-2019:2388-1: moderate: Security update for openconnect

openSUSE Security Update: Security update for openconnect
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:2388-1
Rating: moderate
References: #1151178
Cross-References: CVE-2019-16239
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for openconnect fixes the following issues:

- CVE-2019-16239: Fixed a buffer overflow when a malicious server uses
HTTP chunked encoding with crafted chunk sizes. (bsc#1151178)

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-2388=1



Package List:

- openSUSE Leap 15.0 (x86_64):

openconnect-7.08-lp150.5.3.1
openconnect-debuginfo-7.08-lp150.5.3.1
openconnect-debugsource-7.08-lp150.5.3.1
openconnect-devel-7.08-lp150.5.3.1
openconnect-doc-7.08-lp150.5.3.1

- openSUSE Leap 15.0 (noarch):

openconnect-lang-7.08-lp150.5.3.1


References:

https://www.suse.com/security/cve/CVE-2019-16239.html
https://bugzilla.suse.com/1151178

openSUSE-SU-2019:2389-1: moderate: Security update for python

openSUSE Security Update: Security update for python
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:2389-1
Rating: moderate
References: #1130840 #1149955 #1153238
Cross-References: CVE-2019-16056 CVE-2019-16935 CVE-2019-9947

Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for python fixes the following issues:

Security issues fixed:

- CVE-2019-9947: Fixed an insufficient validation of URL paths with
embedded whitespace or control characters that could allow HTTP header
injections. (bsc#1130840)
- CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955)
- CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py
(bsc#1153238).

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-2389=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

python-2.7.14-lp150.6.21.1
python-curses-2.7.14-lp150.6.21.1
python-curses-debuginfo-2.7.14-lp150.6.21.1
python-debuginfo-2.7.14-lp150.6.21.1
python-debugsource-2.7.14-lp150.6.21.1
python-demo-2.7.14-lp150.6.21.1
python-gdbm-2.7.14-lp150.6.21.1
python-gdbm-debuginfo-2.7.14-lp150.6.21.1
python-idle-2.7.14-lp150.6.21.1
python-tk-2.7.14-lp150.6.21.1
python-tk-debuginfo-2.7.14-lp150.6.21.1

- openSUSE Leap 15.0 (x86_64):

python-32bit-2.7.14-lp150.6.21.1
python-32bit-debuginfo-2.7.14-lp150.6.21.1


References:

https://www.suse.com/security/cve/CVE-2019-16056.html
https://www.suse.com/security/cve/CVE-2019-16935.html
https://www.suse.com/security/cve/CVE-2019-9947.html
https://bugzilla.suse.com/1130840
https://bugzilla.suse.com/1149955
https://bugzilla.suse.com/1153238

openSUSE-SU-2019:2392-1: important: Security update for the Linux Kernel

openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:2392-1
Rating: important
References: #1046299 #1046303 #1046305 #1050244 #1050536
#1050545 #1051510 #1055186 #1061840 #1064802
#1065600 #1066129 #1073513 #1086323 #1087092
#1089644 #1093205 #1097583 #1097584 #1097585
#1097586 #1097587 #1097588 #1098291 #1101674
#1109158 #1114279 #1117665 #1123080 #1133140
#1134303 #1135642 #1135854 #1135873 #1137799
#1140729 #1140845 #1140883 #1141600 #1142635
#1142667 #1144375 #1144449 #1145099 #1148410
#1150452 #1150465 #1150875 #1151508 #1152788
#1152791 #1153112 #1153158 #1153236 #1153263
#1153646 #1153713 #1153717 #1153718 #1153719
#1153811 #1154108 #1154189 #1154354 #1154372
#1154578 #1154607 #1154608 #1154610 #1154611
#1154651 #1154747 #118461_FIXME #133135_FIXME
#135757_FIXME #147830_FIXME #147831_FIXME
#158172_FIXME #165544_FIXME #166495_FIXME
#172859_FIXME #172860_FIXME #181778_FIXME
#229268_FIXME #229269_FIXME #229270_FIXME
#229274_FIXME #229277_FIXME #229279_FIXME
#229280_FIXME #229281_FIXME #229283_FIXME
#229285_FIXME #229286_FIXME #229297_FIXME
#296718_FIXME #358767_FIXME #359798_FIXME
#802154 #814594 #919448 #987367 #998153
Cross-References: CVE-2019-16232 CVE-2019-16234 CVE-2019-17056
CVE-2019-17133 CVE-2019-17666
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that solves 5 vulnerabilities and has 98 fixes is
now available.

Description:



The openSUSE Leap 15.0 kernel was updated to receive various security and
bugfixes.

The following security bugs were fixed:

- CVE-2019-17666: rtl_p2p_noa_ie in
drivers/net/wireless/realtek/rtlwifi/ps.c lacked a certain upper-bound
check, leading to a buffer overflow (bnc#1154372).
- CVE-2019-16232: drivers/net/wireless/marvell/libertas/if_sdio.c did not
check the alloc_workqueue return value, leading to a NULL pointer
dereference (bnc#1150465).
- CVE-2019-16234: drivers/net/wireless/intel/iwlwifi/pcie/trans.c did not
check the alloc_workqueue return value, leading to a NULL pointer
dereference (bnc#1150452).
- CVE-2019-17133: cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c
did not reject a long SSID IE, leading to a Buffer Overflow
(bnc#1153158).
- CVE-2019-17056: llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC
network module did not enforce CAP_NET_RAW, which means that
unprivileged users can create a raw socket, aka CID-3a359798b176
(bnc#1152788).


Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-2392=1



Package List:

- openSUSE Leap 15.0 (noarch):

kernel-devel-4.12.14-lp150.12.79.1
kernel-docs-4.12.14-lp150.12.79.1
kernel-docs-html-4.12.14-lp150.12.79.1
kernel-macros-4.12.14-lp150.12.79.1
kernel-source-4.12.14-lp150.12.79.1
kernel-source-vanilla-4.12.14-lp150.12.79.1

- openSUSE Leap 15.0 (x86_64):

kernel-debug-4.12.14-lp150.12.79.1
kernel-debug-base-4.12.14-lp150.12.79.1
kernel-debug-base-debuginfo-4.12.14-lp150.12.79.1
kernel-debug-debuginfo-4.12.14-lp150.12.79.1
kernel-debug-debugsource-4.12.14-lp150.12.79.1
kernel-debug-devel-4.12.14-lp150.12.79.1
kernel-debug-devel-debuginfo-4.12.14-lp150.12.79.1
kernel-default-4.12.14-lp150.12.79.1
kernel-default-base-4.12.14-lp150.12.79.1
kernel-default-base-debuginfo-4.12.14-lp150.12.79.1
kernel-default-debuginfo-4.12.14-lp150.12.79.1
kernel-default-debugsource-4.12.14-lp150.12.79.1
kernel-default-devel-4.12.14-lp150.12.79.1
kernel-default-devel-debuginfo-4.12.14-lp150.12.79.1
kernel-kvmsmall-4.12.14-lp150.12.79.1
kernel-kvmsmall-base-4.12.14-lp150.12.79.1
kernel-kvmsmall-base-debuginfo-4.12.14-lp150.12.79.1
kernel-kvmsmall-debuginfo-4.12.14-lp150.12.79.1
kernel-kvmsmall-debugsource-4.12.14-lp150.12.79.1
kernel-kvmsmall-devel-4.12.14-lp150.12.79.1
kernel-kvmsmall-devel-debuginfo-4.12.14-lp150.12.79.1
kernel-obs-build-4.12.14-lp150.12.79.1
kernel-obs-build-debugsource-4.12.14-lp150.12.79.1
kernel-obs-qa-4.12.14-lp150.12.79.1
kernel-syms-4.12.14-lp150.12.79.1
kernel-vanilla-4.12.14-lp150.12.79.1
kernel-vanilla-base-4.12.14-lp150.12.79.1
kernel-vanilla-base-debuginfo-4.12.14-lp150.12.79.1
kernel-vanilla-debuginfo-4.12.14-lp150.12.79.1
kernel-vanilla-debugsource-4.12.14-lp150.12.79.1
kernel-vanilla-devel-4.12.14-lp150.12.79.1
kernel-vanilla-devel-debuginfo-4.12.14-lp150.12.79.1


References:

https://www.suse.com/security/cve/CVE-2019-16232.html
https://www.suse.com/security/cve/CVE-2019-16234.html
https://www.suse.com/security/cve/CVE-2019-17056.html
https://www.suse.com/security/cve/CVE-2019-17133.html
https://www.suse.com/security/cve/CVE-2019-17666.html
https://bugzilla.suse.com/1046299
https://bugzilla.suse.com/1046303
https://bugzilla.suse.com/1046305
https://bugzilla.suse.com/1050244
https://bugzilla.suse.com/1050536
https://bugzilla.suse.com/1050545
https://bugzilla.suse.com/1051510
https://bugzilla.suse.com/1055186
https://bugzilla.suse.com/1061840
https://bugzilla.suse.com/1064802
https://bugzilla.suse.com/1065600
https://bugzilla.suse.com/1066129
https://bugzilla.suse.com/1073513
https://bugzilla.suse.com/1086323
https://bugzilla.suse.com/1087092
https://bugzilla.suse.com/1089644
https://bugzilla.suse.com/1093205
https://bugzilla.suse.com/1097583
https://bugzilla.suse.com/1097584
https://bugzilla.suse.com/1097585
https://bugzilla.suse.com/1097586
https://bugzilla.suse.com/1097587
https://bugzilla.suse.com/1097588
https://bugzilla.suse.com/1098291
https://bugzilla.suse.com/1101674
https://bugzilla.suse.com/1109158
https://bugzilla.suse.com/1114279
https://bugzilla.suse.com/1117665
https://bugzilla.suse.com/1123080
https://bugzilla.suse.com/1133140
https://bugzilla.suse.com/1134303
https://bugzilla.suse.com/1135642
https://bugzilla.suse.com/1135854
https://bugzilla.suse.com/1135873
https://bugzilla.suse.com/1137799
https://bugzilla.suse.com/1140729
https://bugzilla.suse.com/1140845
https://bugzilla.suse.com/1140883
https://bugzilla.suse.com/1141600
https://bugzilla.suse.com/1142635
https://bugzilla.suse.com/1142667
https://bugzilla.suse.com/1144375
https://bugzilla.suse.com/1144449
https://bugzilla.suse.com/1145099
https://bugzilla.suse.com/1148410
https://bugzilla.suse.com/1150452
https://bugzilla.suse.com/1150465
https://bugzilla.suse.com/1150875
https://bugzilla.suse.com/1151508
https://bugzilla.suse.com/1152788
https://bugzilla.suse.com/1152791
https://bugzilla.suse.com/1153112
https://bugzilla.suse.com/1153158
https://bugzilla.suse.com/1153236
https://bugzilla.suse.com/1153263
https://bugzilla.suse.com/1153646
https://bugzilla.suse.com/1153713
https://bugzilla.suse.com/1153717
https://bugzilla.suse.com/1153718
https://bugzilla.suse.com/1153719
https://bugzilla.suse.com/1153811
https://bugzilla.suse.com/1154108
https://bugzilla.suse.com/1154189
https://bugzilla.suse.com/1154354
https://bugzilla.suse.com/1154372
https://bugzilla.suse.com/1154578
https://bugzilla.suse.com/1154607
https://bugzilla.suse.com/1154608
https://bugzilla.suse.com/1154610
https://bugzilla.suse.com/1154611
https://bugzilla.suse.com/1154651
https://bugzilla.suse.com/1154747
https://bugzilla.suse.com/118461_FIXME
https://bugzilla.suse.com/133135_FIXME
https://bugzilla.suse.com/135757_FIXME
https://bugzilla.suse.com/147830_FIXME
https://bugzilla.suse.com/147831_FIXME
https://bugzilla.suse.com/158172_FIXME
https://bugzilla.suse.com/165544_FIXME
https://bugzilla.suse.com/166495_FIXME
https://bugzilla.suse.com/172859_FIXME
https://bugzilla.suse.com/172860_FIXME
https://bugzilla.suse.com/181778_FIXME
https://bugzilla.suse.com/229268_FIXME
https://bugzilla.suse.com/229269_FIXME
https://bugzilla.suse.com/229270_FIXME
https://bugzilla.suse.com/229274_FIXME
https://bugzilla.suse.com/229277_FIXME
https://bugzilla.suse.com/229279_FIXME
https://bugzilla.suse.com/229280_FIXME
https://bugzilla.suse.com/229281_FIXME
https://bugzilla.suse.com/229283_FIXME
https://bugzilla.suse.com/229285_FIXME
https://bugzilla.suse.com/229286_FIXME
https://bugzilla.suse.com/229297_FIXME
https://bugzilla.suse.com/296718_FIXME
https://bugzilla.suse.com/358767_FIXME
https://bugzilla.suse.com/359798_FIXME
https://bugzilla.suse.com/802154
https://bugzilla.suse.com/814594
https://bugzilla.suse.com/919448
https://bugzilla.suse.com/987367
https://bugzilla.suse.com/998153

openSUSE-SU-2019:2393-1: moderate: Security update for python

openSUSE Security Update: Security update for python
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:2393-1
Rating: moderate
References: #1130840 #1149955 #1153238
Cross-References: CVE-2019-16056 CVE-2019-16935 CVE-2019-9947

Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for python fixes the following issues:

Security issues fixed:

- CVE-2019-9947: Fixed an insufficient validation of URL paths with
embedded whitespace or control characters that could allow HTTP header
injections. (bsc#1130840)
- CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955)
- CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py
(bsc#1153238).

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-2393=1



Package List:

- openSUSE Leap 15.1 (i586 x86_64):

libpython2_7-1_0-2.7.14-lp151.10.10.2
libpython2_7-1_0-debuginfo-2.7.14-lp151.10.10.2
python-2.7.14-lp151.10.10.1
python-base-2.7.14-lp151.10.10.2
python-base-debuginfo-2.7.14-lp151.10.10.2
python-base-debugsource-2.7.14-lp151.10.10.2
python-curses-2.7.14-lp151.10.10.1
python-curses-debuginfo-2.7.14-lp151.10.10.1
python-debuginfo-2.7.14-lp151.10.10.1
python-debugsource-2.7.14-lp151.10.10.1
python-demo-2.7.14-lp151.10.10.1
python-devel-2.7.14-lp151.10.10.2
python-gdbm-2.7.14-lp151.10.10.1
python-gdbm-debuginfo-2.7.14-lp151.10.10.1
python-idle-2.7.14-lp151.10.10.1
python-tk-2.7.14-lp151.10.10.1
python-tk-debuginfo-2.7.14-lp151.10.10.1
python-xml-2.7.14-lp151.10.10.2
python-xml-debuginfo-2.7.14-lp151.10.10.2

- openSUSE Leap 15.1 (x86_64):

libpython2_7-1_0-32bit-2.7.14-lp151.10.10.2
libpython2_7-1_0-32bit-debuginfo-2.7.14-lp151.10.10.2
python-32bit-2.7.14-lp151.10.10.1
python-32bit-debuginfo-2.7.14-lp151.10.10.1
python-base-32bit-2.7.14-lp151.10.10.2
python-base-32bit-debuginfo-2.7.14-lp151.10.10.2

- openSUSE Leap 15.1 (noarch):

python-doc-2.7.14-lp151.10.10.1
python-doc-pdf-2.7.14-lp151.10.10.1


References:

https://www.suse.com/security/cve/CVE-2019-16056.html
https://www.suse.com/security/cve/CVE-2019-16935.html
https://www.suse.com/security/cve/CVE-2019-9947.html
https://bugzilla.suse.com/1130840
https://bugzilla.suse.com/1149955
https://bugzilla.suse.com/1153238